<div dir="ltr">I might be able to manage the gotomeeting session, but with Adam away it is risky.<div><br></div><div>Phil, can you please set up a zoom session for Tuesday at 9 am?</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature">Marius</div></div>
<br><div class="gmail_quote">On Fri, Aug 4, 2017 at 11:03 AM, Phil Hunt <span dir="ltr"><<a href="mailto:phil.hunt@oracle.com" target="_blank">phil.hunt@oracle.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">If gotomeeting doesn’t have a slot (e.g. due to igov), I can volunteer my zoom line.<div><br><div>
<div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><div><span class="m_2114304735300278288Apple-style-span" style="border-collapse:separate;line-height:normal;border-spacing:0px"><div style="word-wrap:break-word"><div><div><div>Phil</div><div><br></div><div>Oracle 
Corporation, Identity Cloud Services Architect & Standards</div><div>@independentid</div><div><a href="http://www.independentid.com" target="_blank">www.independentid.com</a></div></div></div></div></span><a href="mailto:phil.hunt@oracle.com" target="_blank">phil.hunt@oracle.com</a></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
<br><div><blockquote type="cite"><div>On Aug 4, 2017, at 10:47 AM, Mike Jones <<a href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>> wrote:</div><br class="m_2114304735300278288Apple-interchange-newline"><div><div class="m_2114304735300278288WordSection1" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="color:rgb(0,32,96)">I can do that.  Can someone please send the gotomeeting link we’ll be using in a calendar message?<u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="color:rgb(0,32,96)"><u></u> <u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="color:rgb(0,32,96)">                              <wbr>                              <wbr>    -- Mike<u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="color:rgb(0,32,96)"><u></u> <u></u></span></div><div><div style="border-style:solid none none;border-top-width:1pt;border-top-color:rgb(225,225,225);padding:3pt 0in 0in"><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><b>From:</b><span class="m_2114304735300278288Apple-converted-space"> </span>Openid-specs-risc [<a href="mailto:openid-specs-risc-bounces@lists.openid.net" target="_blank">mailto:openid-specs-risc-<wbr>bounces@lists.openid.net</a>]<span class="m_2114304735300278288Apple-converted-space"> </span><b>On Behalf Of<span class="m_2114304735300278288Apple-converted-space"> </span></b>Phil Hunt<br><b>Sent:</b><span class="m_2114304735300278288Apple-converted-space"> </span>Friday, August 4, 2017 10:26 AM<br><b>To:</b><span 
class="m_2114304735300278288Apple-converted-space"> </span>Marius Scurtescu <<a href="mailto:mscurtescu@google.com" target="_blank">mscurtescu@google.com</a>><br><b>Cc:</b><span class="m_2114304735300278288Apple-converted-space"> </span><a href="mailto:openid-specs-risc@lists.openid.net" target="_blank">openid-specs-risc@lists.<wbr>openid.net</a><br><b>Subject:</b><span class="m_2114304735300278288Apple-converted-space"> </span>Re: [Openid-specs-risc] issuer conflict<u></u><u></u></div></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">WFM<u></u><u></u></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>Phil<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span><u></u> <u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>Oracle Corporation, Identity Cloud Services Architect & Standards<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>@independentid<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__www.independentid.com&d=DwMGaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=3rlpfTWWuXNuIxBphkaDI_zOlIMN6PA22QCeIPaNBPE&s=DYNRtGvv_T4iFKhlwH3WsiTFTkvZRdSyZoqH8kEDu6o&e=" style="color:purple;text-decoration:underline" 
target="_blank">www.independentid.com</a><u></u><u></u></span></div></div></div></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span><a href="mailto:phil.hunt@oracle.com" style="color:purple;text-decoration:underline" target="_blank">phil.hunt@oracle.com</a><u></u><u></u></span></div></div></div></div></div></div></div></div></div></div></div></div></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></div><div><blockquote style="margin-top:5pt;margin-bottom:5pt"><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">On Aug 4, 2017, at 10:09 AM, Marius Scurtescu <<a href="mailto:mscurtescu@google.com" style="color:purple;text-decoration:underline" target="_blank">mscurtescu@google.com</a>> wrote:<u></u><u></u></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">What about 9 am on Tuesday?<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><br clear="all"><u></u><u></u></span></div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Marius<u></u><u></u></span></div></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u> <u></u></span></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">On Fri, Aug 4, 2017 at 10:02 AM, John Bradley<span 
class="m_2114304735300278288apple-converted-space"> </span><<a href="mailto:ve7jtb@ve7jtb.com" style="color:purple;text-decoration:underline" target="_blank">ve7jtb@ve7jtb.com</a>><span class="m_2114304735300278288apple-converted-space"> </span>wr<wbr>ote:<u></u><u></u></span></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in"><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">3pm Monday before the Connect call is open.   <u></u><u></u></span></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u> <u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">I can only join for 30min at 9:30 Tuesday because of another call I have at 10am.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u> <u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">John B.<u></u><u></u></span></div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u> <u></u></span></div><div><blockquote style="margin-top:5pt;margin-bottom:5pt"><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">On Aug 4, 2017, at 12:51 PM, Marius Scurtescu <<a href="mailto:mscurtescu@google.com" 
style="color:purple;text-decoration:underline" target="_blank">mscurtescu@google.com</a>> wrote:<u></u><u></u></span></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u> <u></u></span></div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Yes, we need a call. We have the regular call scheduled for Monday morning at 9:30 AM PST, but unfortunately I will be traveling at that time. Adam is on vacation next week.<u></u><u></u></span></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u> <u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Would it be OK to shift the Monday call either to Monday afternoon 3 pm, or Tuesday morning 9:30 am?<u></u><u></u></span></div></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><br clear="all"><u></u><u></u></span></div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Marius<u></u><u></u></span></div></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u> <u></u></span></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">On Thu, Aug 3, 2017 at 9:31 PM, Mike Jones<span class="m_2114304735300278288apple-converted-space"> </span><<a href="mailto:Michael.Jones@microsoft.com" 
style="color:purple;text-decoration:underline" target="_blank">Michael.Jones@<wbr>microsoft.com</a>><span class="m_2114304735300278288apple-converted-space"> </span>wrote:<u></u><u></u></span></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in"><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif;color:rgb(0,32,96)">I agree that a call would be productive at this point.</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif;color:rgb(0,32,96)"> </span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif;color:rgb(0,32,96)">                              <wbr>                        <span class="m_2114304735300278288apple-converted-space"> </span>Best wishes,</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif;color:rgb(0,32,96)">                              <wbr>                        <span class="m_2114304735300278288apple-converted-space"> </span>-- Mike</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><a name="m_2114304735300278288_m_4993303884491631765_m_-810729207875726"><span style="font-size:9pt;font-family:Helvetica,sans-serif;color:rgb(0,32,96)"> </span></a><span></span><span 
style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div><div><div style="border-style:solid none none;border-top-width:1pt;border-top-color:rgb(225,225,225);padding:3pt 0in 0in"><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><b><span style="font-size:9pt;font-family:Helvetica,sans-serif">From:</span></b><span class="m_2114304735300278288apple-converted-space"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> </span></span><span style="font-size:9pt;font-family:Helvetica,sans-serif">Openid-specs-risc [mailto:<a href="mailto:openid-specs-risc-bounces@lists.openid.net" style="color:purple;text-decoration:underline" target="_blank">openid-specs-risc-<wbr>bounces@lists.openid.net</a>]<span class="m_2114304735300278288apple-converted-space"> </span><b>On Behalf Of<span class="m_2114304735300278288apple-converted-space"> </span></b>Phil Hunt (IDM)<br><b>Sent:</b><span class="m_2114304735300278288apple-converted-space"> </span>Thursday, August 3, 2017 7:19 PM<br><b>To:</b><span class="m_2114304735300278288apple-converted-space"> </span>Marius Scurtescu <<a href="mailto:mscurtescu@google.com" style="color:purple;text-decoration:underline" target="_blank">mscurtescu@google.com</a>><br><b>Cc:</b><span class="m_2114304735300278288apple-converted-space"> </span><a href="mailto:openid-specs-risc@lists.openid.net" style="color:purple;text-decoration:underline" target="_blank">openid-specs-risc@lists.<wbr>openid.net</a><br><b>Subject:</b><span class="m_2114304735300278288apple-converted-space"> </span>Re: [Openid-specs-risc] issuer conflict<u></u><u></u></span></div></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">I think we need 
to do a call and walk through the bootstrap cases for implicit federation vs explicit. <u></u><u></u></span></div></div><div><div><div id="m_2114304735300278288m_4993303884491631765m_-8107292078757266690AppleMailSignature"><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div id="m_2114304735300278288m_4993303884491631765m_-8107292078757266690AppleMailSignature"><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Depending on how things start, how asserting parties know the user is very different. <br><br>Phil<u></u><u></u></span></div></div><div><p class="MsoNormal" style="margin:0in 0in 12pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><br>On Aug 3, 2017, at 6:59 PM, Marius Scurtescu <<a href="mailto:mscurtescu@google.com" style="color:purple;text-decoration:underline" target="_blank">mscurtescu@google.com</a>> wrote:<u></u><u></u></span></p></div><blockquote style="margin-top:5pt;margin-bottom:5pt"><div><div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">On Thu, Aug 3, 2017 at 4:00 PM, John Bradley <<a href="mailto:ve7jtb@ve7jtb.com" style="color:purple;text-decoration:underline" target="_blank">ve7jtb@ve7jtb.com</a>> wrote:<u></u><u></u></span></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">I suggested an array if there are multiple values that want to be published for some 
reason.<u></u><u></u></span></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Otherwise you limit yourself to one scope for all the aliases.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Perhaps it is more of a SET issue than RISC but this all started with the proposition that sub might not be scoped to the issuer in cases where an RP is sending to an IdP. <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">So when Facebook sends to Google it would not need to scope its own identifiers.   
But if it is talking about an account that Google has identified as having the email address<span class="m_2114304735300278288apple-converted-space"> </span><a href="mailto:self-issued@hotmail.com" style="color:purple;text-decoration:underline" target="_blank">self-issued@hotmail.<wbr>com</a><span class="m_2114304735300278288apple-converted-space"> </span>then it would scope it.<u></u><u></u></span></div></div></div></blockquote><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">RISC events sent by Facebook to Google should always use an identifier scoped to Google. Assuming Facebook is an OAuth 2 client and Google the IdP. Facebook could know the Google issued sub or the email address associated with the account (which could be a non-Google managed email). Identifiers issued by Facebook are meaningless to Google. 
If Facebook is the IdP and Google the RP, then Facebook issued identifiers would work.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">If you are aware of a use case when the identifier needs to be explicitly scoped then let's add it to:<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dscurtescu-2Dsecevent-2Drisc-2Duse-2Dcases&d=DwMFaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=g-XR90LJbGJs22ZRyHyrQImdiSKuOUnSx-uMihcBj0E&s=OX-mKgdgZCEmFXFwEXGLt-kVgWVuGo1ALdObEvqys0U&e=" style="color:purple;text-decoration:underline" target="_blank">https://tools.ietf.org/html/<wbr>draft-scurtescu-secevent-risc-<wbr>use-cases</a><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Currently we are not tracking any use case like that.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> 
<u></u><u></u></span></div></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Email may not be the best example because we mistakenly believe that addresses uniquely point to one individual. <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">They might but if it is not an email and just an account identifier then knowing whose it is is important.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Confusion of account identifiers and email addresses is a horse that has left the barn.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">If the subject were just account numbers that could easily collide then scoping has a clearer value.<u></u><u></u></span></div></div></div></blockquote><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span 
style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">An IdP could use account identifiers, or numbers, but these would be expressed as the sub claim and sub is always scoped to the IdP issuer. No other scoping is needed IMO.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Phone numbers have similar issues.  
They have a higher turnover and reuse than email.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">If the sub, email, phone, etc. is scoped to the issuer, use the top-level elements.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">In cases where it is different have an alias object that makes the scoping explicit.<u></u><u></u></span></div></div></div></blockquote><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">I think email and phone are always global and do not need scoping. 
If not, then we need to clarify this.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">sub is scoped by iss.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">You might have both in a SET if the sender wants to expose its sub and also explicitly include an alias that the receiver understands like a phone number.<u></u><u></u></span></div></div></div></blockquote><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Yes, both can be present.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">I think we are saying the same thing.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Here is proposal 3 again:<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Top level claims when there is no iss conflict:<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'">{</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> 
</span>"jti": "<wbr>3d0c3cf797584bd193bd0fb1bd4e7d<wbr>30",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>"iat": 1458496025,</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>"iss": "<a href="https://tr.example.com/" style="color:purple;text-decoration:underline" target="_blank">https://tr.example.com</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>"aud": "<a href="https://rv.example.com/" style="color:purple;text-decoration:underline" target="_blank">https://rv.example.com/</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>"sub": "47635747",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>"email": "<a href="mailto:user@example.com" 
style="color:purple;text-decoration:underline" target="_blank">user@example.com</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>"phone_number": "123-555-9876",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>"events": {</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'">   <span class="m_2114304735300278288apple-converted-space"> </span>"urn:ietf:params:risc:event:<wbr>sessions-revoked": {},</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'">   <span class="m_2114304735300278288apple-converted-space"> </span>"urn:ietf:params:risc:event:<wbr>tokens-revoked": {}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span 
style="font-size:9.5pt;font-family:'Courier New'">}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">And nested object when there is an iss conflict:<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'">{</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>"jti": "<wbr>3d0c3cf797584bd193bd0fb1bd4e7d<wbr>30",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>"iat": 1458496025,</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>"iss": "<a href="https://tr.example.com/" style="color:purple;text-decoration:underline" 
target="_blank">https://tr.example.com</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>"aud": "<a href="https://rv.example.com/" style="color:purple;text-decoration:underline" target="_blank">https://rv.example.com/</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>"risc_subject": {</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'">   <span class="m_2114304735300278288apple-converted-space"> </span>"iss": "<a href="https://example.com/" style="color:purple;text-decoration:underline" target="_blank">https://example.com</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'">   <span class="m_2114304735300278288apple-converted-space"> </span>"sub": "47635747",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'">   <span class="m_2114304735300278288apple-converted-space"> </span>"email": "<a href="mailto:user@example.com" style="color:purple;text-decoration:underline" 
target="_blank">user@example.com</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'">   <span class="m_2114304735300278288apple-converted-space"> </span>"phone_number": "123-555-9876"</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>},</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>"events": {</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'">   <span class="m_2114304735300278288apple-converted-space"> </span>"urn:ietf:params:risc:event:<wbr>sessions-revoked": {},</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'">   <span class="m_2114304735300278288apple-converted-space"> </span>"urn:ietf:params:risc:event:<wbr>tokens-revoked": {}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'"> 
<span class="m_2114304735300278288apple-converted-space"> </span>}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9.5pt;font-family:'Courier New'">}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">sub, email and phone_number form a set of claims that point to a person; at least one of these claims must be present.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Sounds good?<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> 
<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">John B.<u></u><u></u></span></div></div><div><div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div><div><blockquote style="margin-top:5pt;margin-bottom:5pt"><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">On Aug 3, 2017, at 6:23 PM, Marius Scurtescu <<a href="mailto:mscurtescu@google.com" style="color:purple;text-decoration:underline" target="_blank">mscurtescu@google.com</a>> wrote:<u></u><u></u></span></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div><div><div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">On Thu, Aug 3, 2017 at 2:41 PM, John Bradley <<a href="mailto:ve7jtb@ve7jtb.com" style="color:purple;text-decoration:underline" target="_blank">ve7jtb@ve7jtb.com</a>> wrote:<u></u><u></u></span></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Each alias might have a different issuer/scope.<u></u><u></u></span></div></div></blockquote><div><div style="margin:0in 0in 
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Maybe, but let's get concrete since I believe we have to define each alias. What else than iss+sub, email and phone_number?<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Email is also tricky, as foreign emails are often used as the username.<u></u><u></u></span></div></div></div></blockquote><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Right, and I think that's irrelevant in this case. 
If not, then why not?<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">That email address used as a name may or may not be validated.  <u></u><u></u></span></div></div></div></blockquote><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Good point, and again not sure how this is relevant to SET. 
The add/remove APIs most likely will have to also provide the "email_verified" claim along with "email", but that's a different draft.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">I still have a test Facebook account with an email as the login name that has never been validated after nearly two years. <u></u><u></u></span></div></div></div></blockquote><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Right, it is a common case. 
Also, if the email was validated 8 years ago, what value does that validation still have?<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">So is talking about “<a href="mailto:self-issued@hotmail,.com" style="color:purple;text-decoration:underline" target="_blank">self-issued@hotmail,.com</a>” scope Facebook the same as<span class="m_2114304735300278288apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__sef-2Dissued.com_&d=DwMFaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=g-XR90LJbGJs22ZRyHyrQImdiSKuOUnSx-uMihcBj0E&s=dtZNC7Ug_OjhPH2dXU2AD0ubqcbveLV8e91TJqDzyRM&e=" style="color:purple;text-decoration:underline" target="_blank">sef-issued.com</a><span class="m_2114304735300278288apple-converted-space"> </span>scope google vs scope Microsoft the same or different?<u></u><u></u></span></div></div></div></blockquote><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Are some usernames with issuers and only the MS scoped one a real email?<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">In general you have an identifier string of some sort scoped to a responsible authority.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">I don’t really care if you want to have <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">{“val”: “<a href="mailto:self-issued@hotmail,.com" style="color:purple;text-decoration:underline" target="_blank">self-issued@hotmail,.com</a>”,  “scope”: “Facebook” , “type”: “email”}<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Or create specific claims that combine type and val.<u></u><u></u></span></div></div></div></blockquote><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span 
style="font-size:9pt;font-family:Helvetica,sans-serif">Not sure I completely follow. What does "scope Facebook" mean with regards to  <a href="mailto:self-issued@hotmail,.com" style="color:purple;text-decoration:underline" target="_blank">self-issued@hotmail,.com</a>? Microsoft is authoritative over that email address, and how does one discover that is a different question.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">If Google is sending a RISC event to Facebook and the subject is "<a href="mailto:email=self-issued@hotmail,.com" style="color:purple;text-decoration:underline" target="_blank">email=self-issued@hotmail,.<wbr>com</a>" then scope=Facebook I think is implied (the fact that Facebook knows the user as <a href="mailto:self-issued@hotmail,.com" style="color:purple;text-decoration:underline" target="_blank">self-issued@hotmail,.com</a>). How would an explicit scope help here? 
Do you have a use case in mind?<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">I suspect that having it be an object will allow for cleanly adding other meta-data later.<u></u><u></u></span></div></div></div></blockquote><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">I think everyone agrees it should be an object. 
You suggested that the value could be an array, I am not sure I understand the need for that.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">I do think that it is a new claim separate from the existing sub, and needs the context of who is the responsible authority for the identifier or it will get very messy.<u></u><u></u></span></div></div></div></blockquote><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Right, but I think who is responsible for the identifier (scope?) 
is clear by the context (transmitter and receiver).<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">John B.<u></u><u></u></span></div></div><div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div><div><blockquote style="margin-top:5pt;margin-bottom:5pt"><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">On Aug 3, 2017, at 4:36 PM, Marius Scurtescu <<a href="mailto:mscurtescu@google.com" style="color:purple;text-decoration:underline" target="_blank">mscurtescu@google.com</a>> wrote:<u></u><u></u></span></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div><div><div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">On Thu, Aug 3, 2017 at 12:02 PM, John Bradley <<a 
href="mailto:ve7jtb@ve7jtb.com" style="color:purple;text-decoration:underline" target="_blank">ve7jtb@ve7jtb.com</a>> wrote:<u></u><u></u></span></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Alias or aka <u></u><u></u></span></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">I am issuer foo and the subject is bar in my context.   I also know them as “<a href="mailto:self-issued@hotmail.com" style="color:purple;text-decoration:underline" target="_blank">self-issued@hotmail.com</a>” in the context of Facebook and<span class="m_2114304735300278288apple-converted-space"> </span><span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gc-cs-link">+15555551235</span><span class="m_2114304735300278288apple-converted-space"> </span>in the context of phone number.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">That leaves the current definitions of sub and its unchanged.<u></u><u></u></span></div></div></div></blockquote><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> 
<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">All the different ways the identity can be referred to must be defined by the profile. Right?<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">For the RISC profile I had in mind:<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">- iss+sub<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">- email<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">- phone_number<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Obviously this is inspired by OpenID Connect, the same claims can be present in an Id Token.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">If the above makes sense, then not sure if an array is needed.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">John B.<u></u><u></u></span></div></div><div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div><div><blockquote style="margin-top:5pt;margin-bottom:5pt"><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">On Aug 3, 2017, at 2:57 PM, Phil Hunt (IDM) <<a href="mailto:phil.hunt@oracle.com" style="color:purple;text-decoration:underline" target="_blank">phil.hunt@oracle.com</a>> wrote:<u></u><u></u></span></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div><div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span 
style="font-size:9pt;font-family:Helvetica,sans-serif">Agreed. <br><br>Phil<u></u><u></u></span></div></div><div><p class="MsoNormal" style="margin:0in 0in 12pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><br>On Aug 3, 2017, at 11:56 AM, John Bradley <<a href="mailto:ve7jtb@ve7jtb.com" style="color:purple;text-decoration:underline" target="_blank">ve7jtb@ve7jtb.com</a>> wrote:<u></u><u></u></span></p></div><blockquote style="margin-top:5pt;margin-bottom:5pt"><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Identity or whatever it is called may actually want to be an array, as there might be multiple synonyms.<u></u><u></u></span></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">That is why I was thinking of it more as an alias of sub + iss.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div><blockquote style="margin-top:5pt;margin-bottom:5pt"><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">On Aug 3, 2017, at 1:49 PM, Marius Scurtescu <<a href="mailto:mscurtescu@google.com" style="color:purple;text-decoration:underline" target="_blank">mscurtescu@google.com</a>> 
wrote:<u></u><u></u></span></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div><div><div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">On Thu, Aug 3, 2017 at 10:39 AM, Phil Hunt <<a href="mailto:phil.hunt@oracle.com" style="color:purple;text-decoration:underline" target="_blank">phil.hunt@oracle.com</a>> wrote:<u></u><u></u></span></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">yes.  Instead of using “sub”  you might define an attribute “identity” and it could be used as follows:<u></u><u></u></span></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">"identity":{<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <span class="m_2114304735300278288apple-converted-space"> </span>"typ":"oidc",<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <span class="m_2114304735300278288apple-converted-space"> </span>"sub":"<wbr>8100552e17554422b6207b7bd7a9bc<wbr>76",<u></u><u></u></span></div></div><div><div style="margin:0in 0in 
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <span class="m_2114304735300278288apple-converted-space"> </span>"iss":"<a href="http://myidp.example.com/" style="color:purple;text-decoration:underline" target="_blank">myidp.example.com</a>"<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">}<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Or:<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">"identity":{<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <span class="m_2114304735300278288apple-converted-space"> </span>"typ":"scim",<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <span class="m_2114304735300278288apple-converted-space"> </span>"$ref":"<a href="https://scim.example.com/Users/8100552e17554422b6207b7bd7a9bc76" style="color:purple;text-decoration:underline" 
target="_blank">https://scim.<wbr>example.com/Users/<wbr>8100552e17554422b6207b7bd7a9bc<wbr>76</a>"<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">}<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Or<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">(not sure these are the right claims, but you might include some claims from MODRNA like carrier identifiers if they are available)<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">"identity":{<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <span class="m_2114304735300278288apple-converted-space"> </span>"typ":"phone",<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <span class="m_2114304735300278288apple-converted-space"> </span>"telephoneNumber":"+<wbr>16041234567",<u></u><u></u></span></div></div><div><div style="margin:0in 0in 
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <span class="m_2114304735300278288apple-converted-space"> </span>"carrier": <somevalue>  <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">}<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">"identity":{<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <span class="m_2114304735300278288apple-converted-space"> </span>"typ":"emails",<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <span class="m_2114304735300278288apple-converted-space"> </span>"mail":"<a href="mailto:john.doe@example.com" style="color:purple;text-decoration:underline" target="_blank">john.doe@example.com</a><wbr>"<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">}<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Note “identity” could be used at 
the top level or embedded in events payload.  Top level if there is a need to have multiple event types expressed at once.  Or, if part of the core spec to provide a consistent pattern for identifiers and to establish a registry of identifier types.  Regardless at the top level, then “identity” would have to be registered as a JWT claim.<u></u><u></u></span></div></div></div></blockquote><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">This is a separate discussion we should have, I was proposing something different here, but I was trying to focus on the issuer conflict first.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">That being said, I don't see why a typ claim is needed here. We can use the exact same claims as in an Id Token. 
SCIM needs a different profile than RISC.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Your examples from above using Id Token claims (minus the SCIM example):<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">"identity":{</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>"sub":"<wbr>8100552e17554422b6207b7bd7a9bc<wbr>76",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>"iss":"<a href="http://myidp.example.com/" style="color:purple;text-decoration:underline" target="_blank">myidp.example.com</a>"</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div 
style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">"identity":{</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>"phone_number":"+<wbr>16041234567"</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">"identity":{</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288apple-converted-space"> </span>"email":"<a href="mailto:john.doe@example.com" style="color:purple;text-decoration:underline" target="_blank">john.doe@example.<wbr>com</a>"</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 
0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> </span></span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Phil<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Oracle Corporation, Identity Cloud Services Architect & Standards<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">@independentid<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span 
style="font-size:9pt;font-family:Helvetica,sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__www.independentid.com_&d=DwMFaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=g-XR90LJbGJs22ZRyHyrQImdiSKuOUnSx-uMihcBj0E&s=EvUUqTsPqYyUuG705IQ1fE0g8wpPX5VG6xbOnpVHvsQ&e=" style="color:purple;text-decoration:underline" target="_blank">www.independentid.com</a><u></u><u></u></span></div></div></div></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><a href="mailto:phil.hunt@oracle.com" style="color:purple;text-decoration:underline" target="_blank">phil.hunt@oracle.com</a><u></u><u></u></span></div></div></div></div></div></div></div></div></div></div></div></div></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div><div><div><div><blockquote style="margin-top:5pt;margin-bottom:5pt"><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">On Aug 3, 2017, at 10:28 AM, Marius Scurtescu <<a href="mailto:mscurtescu@google.com" style="color:purple;text-decoration:underline" target="_blank">mscurtescu@google.com</a>> wrote:<u></u><u></u></span></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div><div><div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">On Thu, Aug 3, 2017 at 9:42 AM, John Bradley<span 
class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span><<a href="mailto:ve7jtb@ve7jtb.com" style="color:purple;text-decoration:underline" target="_blank">ve7jtb@ve7jtb.com</a>><span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>wr<wbr>ote:<u></u><u></u></span></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">I guess in principle sub could be a dictionary with a val and other metadata like an optional issuer.<u></u><u></u></span></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">We do that with sub in <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__openid.net_specs_openid-2Dconnect-2Dcore-2D1-5F0.html-23IndividualClaimsRequests&d=DwMFaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=0XvWuopUa1rUzdTHlWsUVZI7PePtDaGu3VrMUlwE2yU&s=VzfByRviJEJHNZfefEzIWK8KsuPhKsf_RXi6eOTxbeI&e=" style="color:purple;text-decoration:underline" target="_blank">Connect claims requests</a>.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> 
<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">However in responses sub is defined in <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc7519-23section-2D4.1.2&d=DwMFaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=0XvWuopUa1rUzdTHlWsUVZI7PePtDaGu3VrMUlwE2yU&s=5GZBJpUnQsgSTinzQRg5GLOPDs6YuqtEr_PEMy9JsMQ&e=" style="color:purple;text-decoration:underline" target="_blank">https://tools.ietf.org/html/<wbr>rfc7519#section-4.1.2</a> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>as a string.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">One option might be to have a new claim.  sub-d that is a dictionary that you could use when you need a more complicated sub with a SubjectNameIdFormat and scope.   
How could that go wrong:)<u></u><u></u></span></div></div></div></blockquote><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">That is option 3, right?<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">John B.<u></u><u></u></span></div></div><div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div><div><blockquote style="margin-top:5pt;margin-bottom:5pt"><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">On Aug 3, 2017, at 12:19 PM, Phil Hunt (IDM) <<a href="mailto:phil.hunt@oracle.com" style="color:purple;text-decoration:underline" target="_blank">phil.hunt@oracle.com</a>> wrote:<u></u><u></u></span></div></div><div style="margin:0in 
0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div><div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Let's not forget that we also have cases where subject is identified by email or telephone or other identifier (implicit fed cases). <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Risc needs to have a subject type attribute to inform parsers how to identify the subject. The next question is whether sub gets re-used as a general purpose attribute or whether specific attributes are used for each type (email, telephone). <br><br>In solving this broader requirement the sub/iss problem may also be resolved. <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><br>Phil<u></u><u></u></span></div></div><div><p class="MsoNormal" style="margin:0in 0in 12pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><br>On Aug 3, 2017, at 1:52 AM, Nat Sakimura <<a href="mailto:sakimura@gmail.com" style="color:purple;text-decoration:underline" target="_blank">sakimura@gmail.com</a>> wrote:<u></u><u></u></span></p></div><blockquote style="margin-top:5pt;margin-bottom:5pt"><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">My preference: If all SETs only support a single iss/sub pair, then 1. 
If a SET can have events for multiple iss/sub pairs, then 2.<span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span><u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Thu, Aug 3, 2017, 7:49 Marius Scurtescu <<a href="mailto:mscurtescu@google.com" style="color:purple;text-decoration:underline" target="_blank">mscurtescu@google.com</a>>:<u></u><u></u></span></div></div><blockquote style="border-style:none none none solid;border-left-width:1pt;border-left-color:rgb(204,204,204);padding:0in 0in 0in 6pt;margin:5pt 0in 5pt 4.8pt"><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Each SET profile must define or clarify several aspects of the specs. 
For RISC most of these must only be specified (like key resolution), but there is at least one issue for which we don't have an agreed-on solution.<u></u><u></u></span></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">In some use cases the issuer of the SET is different from the issuer of the subject identifier, and at least in those cases there cannot be only one top level "iss" claim.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Here are the proposals I am aware of to solve this issue:<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">1. Move iss+sub to the event level. 
The drawback of this approach is redundancy when multiple events are present in the SET.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">{</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"jti": "<wbr>3d0c3cf797584bd193bd0fb1bd4e7d<wbr>30",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"iat": 1458496025,</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"iss": "<a href="https://tr.example.com/" style="color:purple;text-decoration:underline" 
target="_blank">https://tr.example.com</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"aud": "<a href="https://rv.example.com/" style="color:purple;text-decoration:underline" target="_blank">https://rv.example.com/</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"events": {</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"urn:ietf:params:risc:event:<wbr>sessions-revoked":</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span 
class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>{</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">     <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"iss": "<a href="https://example.com/" style="color:purple;text-decoration:underline" target="_blank">https://example.com</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">     <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"sub": "47635747"</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>},</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span 
class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"urn:ietf:params:risc:event:<wbr>tokens-revoked":</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>{</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">     <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"iss": "<a href="https://example.com/" style="color:purple;text-decoration:underline" target="_blank">https://example.com</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">     <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"sub": "47635747"</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span 
class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">1.1 Move only the subject "iss" to the event level and leave "sub" at the top level (next to the SET "iss"). 
I find this solution very confusing.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">{</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"jti": "<wbr>3d0c3cf797584bd193bd0fb1bd4e7d<wbr>30",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"iat": 1458496025,</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"iss": "<a href="https://tr.example.com/" style="color:purple;text-decoration:underline" target="_blank">https://tr.example.com</a>",</span><span 
style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"sub": "47635747",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"aud": "<a href="https://rv.example.com/" style="color:purple;text-decoration:underline" target="_blank">https://rv.example.com/</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"events": {</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> 
</span>"urn:ietf:params:risc:event:<wbr>sessions-revoked":</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>{</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">     <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"iss": "<a href="https://example.com/" style="color:purple;text-decoration:underline" target="_blank">https://example.com</a>"</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>},</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> 
</span>"urn:ietf:params:risc:event:<wbr>tokens-revoked":</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>{</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">     <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"iss": "<a href="https://example.com/" style="color:purple;text-decoration:underline" target="_blank">https://example.com</a>"</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>}</span><span 
style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">2. Move iss+sub immediately under the "events" claim. No redundancy in this case.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">{</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"jti": "<wbr>3d0c3cf797584bd193bd0fb1bd4e7d<wbr>30",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span 
style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"iat": 1458496025,</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"iss": "<a href="https://tr.example.com/" style="color:purple;text-decoration:underline" target="_blank">https://tr.example.com</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"aud": "<a href="https://rv.example.com/" style="color:purple;text-decoration:underline" target="_blank">https://rv.example.com/</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"events": {</span><span 
style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"iss": "<a href="https://example.com/" style="color:purple;text-decoration:underline" target="_blank">https://example.com</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"sub": "47635747",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"urn:ietf:params:risc:event:<wbr>sessions-revoked": {},</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> 
</span>"urn:ietf:params:risc:event:<wbr>tokens-revoked": {}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">3. 
Move iss+sub to a new nested claim.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">{</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"jti": "<wbr>3d0c3cf797584bd193bd0fb1bd4e7d<wbr>30",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"iat": 1458496025,</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"iss": "<a href="https://tr.example.com/" style="color:purple;text-decoration:underline" target="_blank">https://tr.example.com</a>",</span><span 
style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"aud": "<a href="https://rv.example.com/" style="color:purple;text-decoration:underline" target="_blank">https://rv.example.com/</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"target": {</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"iss": "<a href="https://example.com/" style="color:purple;text-decoration:underline" target="_blank">https://example.com</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span 
class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"sub": "47635747"</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>},</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"events": {</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"urn:ietf:params:risc:event:<wbr>sessions-revoked": {},</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span 
class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"urn:ietf:params:risc:event:<wbr>tokens-revoked": {}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">4. 
Define a new top level issuer claim either for the SET or for the subject.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">{</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"jti": "<wbr>3d0c3cf797584bd193bd0fb1bd4e7d<wbr>30",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"iat": 1458496025,</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"iss": "<a href="https://tr.example.com/" style="color:purple;text-decoration:underline" target="_blank">https://tr.example.com</a>",</span><span 
style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"iss-sub": "<a href="https://example.com/" style="color:purple;text-decoration:underline" target="_blank">https://example.com</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"sub": "47635747",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"aud": "<a href="https://rv.example.com/" style="color:purple;text-decoration:underline" target="_blank">https://rv.example.com/</a>",</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span 
class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"events": {</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"urn:ietf:params:risc:event:<wbr>sessions-revoked": {},</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">   <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>"urn:ietf:params:risc:event:<wbr>tokens-revoked": {}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'"> <span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span>}</span><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:'Courier New'">}</span><span 
style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">An open question is if this new iss+sub solution should be always required or if a top level iss+sub should also be allowed (when there is no conflict). I vote for having only one way for simplicity.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Once we decide on a solution we can start working on the RISC profile draft.<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Thoughts?<u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div><div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span 
style="font-size:9pt;font-family:Helvetica,sans-serif">Marius<u></u><u></u></span></div></div></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">______________________________<wbr>_________________<br>Openid-specs-risc mailing list<br><a href="mailto:Openid-specs-risc@lists.openid.net" style="color:purple;text-decoration:underline" target="_blank">Openid-specs-risc@lists.<wbr>openid.net</a><br><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openid.net_mailman_listinfo_openid-2Dspecs-2Drisc&d=DwMFaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=oELWrk4I8hITS0xtNBEzkxMNmGjdHfFGkwNTJluxMQM&s=WH0oHORcbz6GzolvV9301ap4nCL-qYRmD7wWIWPJnL8&e=" style="color:purple;text-decoration:underline" target="_blank">http://lists.openid.net/<wbr>mailman/listinfo/openid-specs-<wbr>risc</a><u></u><u></u></span></div></blockquote></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">--<span class="m_2114304735300278288m4993303884491631765m-8107292078757266690gmail-m211135882081915750gmail-m-5154919286245319102m922368068620098186gmail-m-2518339591068322597apple-converted-space"> </span><u></u><u></u></span></div></div><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Nat Sakimura<u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif">Chairman of the Board, OpenID Foundation<u></u><u></u></span></div></div></div></blockquote><blockquote style="margin-top:5pt;margin-bottom:5pt"><div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span 
style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div></blockquote></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div></blockquote></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div></div></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></blockquote></div></div></div></div></blockquote></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div></div></div></div></blockquote></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> 
<u></u><u></u></span></div></div></div></div></blockquote></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div></div></blockquote></div></div></blockquote></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div></div></div></div></blockquote></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div></div></div></blockquote></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div></div></div></div></blockquote></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div></div></div></blockquote></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div></div></div></div></div></blockquote></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"> <u></u><u></u></span></div></div></div></div></blockquote></div></div></div></div></blockquote></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u> <u></u></span></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span 
style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u><u></u></span></div></div></blockquote></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u> <u></u></span></div></div></div></div></div></div></blockquote></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"><u></u> <u></u></span></div></div><div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Helvetica,sans-serif"></span></div></div></blockquote></div></div></div></div></blockquote></div><br></div></div></blockquote></div><br></div>